MD Anderson Cancer Center at the University of Texas has sent letters to about 2,200 patients “whose unencrypted medical records may have been compromised on a lost thumb drive,” reports claim. Even more upsetting, it's the third possible data breach this year for the prestigious center.
According to a statement, a trainee lost the storage device on an employee shuttle bus July 13. As with most data breaches, the missing records included patients' names, dates of birth, medical record numbers, diagnoses, and treatment and research information.
On April 30, a laptop with the unencrypted records of 29,201 MD Anderson patients was reported stolen from a physician's home, according to the hospital and the official breach notification list kept by the Office for Civil Rights at HHS. In January, nearly 4,000 patients were notified their insurance claim records were on a laptop stolen from the home of a PriceWaterhouseCoopers employee, although those records were encrypted. The Ponemon Institute estimates that data breaches could be costing the U.S. healthcare industry between $4.2 billion and $8.1 billion a year, or an average of $6.5 billion.
According to a recent study by Verizon, 96 percent of breaches in 2011 were avoidable through simple or intermediate controls. In 2010 there were 662 data breaches. Medical and healthcare facilities accounted for 24.2 percent.
Different organizations came up with different numbers, but based on a study from the Identity Theft Resource Center, anywhere from 22.9 million to 30.4 million patient records were breached in 2011.
In a recent CDW survey about how patients feel about their privacy, almost 50 percent of respondents said they felt “somewhat negative” about the impact EHRs would have on the privacy of their personal and health data.
Edited by Brooke Neuman